Hedgehog Security

What is CREST accredited penetration testing?

July 24th, 2022

CREST accredited penetration testing (also referred to as pentesting, pen testing and the often confusing PEN testing; no, we do not know why people capitalise the shortening of "penetration" either) is a type of ethical or white hat hacking engagement designed to identify and address security vulnerabilities in your people, processes and technology. Most often


What are the benefits of CREST penetration testing?

July 24th, 2022

CREST accredited penetration testing offers a number of advantages, including: 1. Highly trained security professionals CREST penetration testing is typically carried out by, or under the supervision of, CREST-registered penetration testers. CREST-registered or certified penetration testers are required to pass a series of rigorous exams to prove their skill, knowledge and competence and must re-sit


Why choose a CREST-accredited provider for pen testing?

July 24th, 2022

“There are many benefits in procuring penetration testing services from a trusted, certified external company who employ professional, ethical and highly technically competent individuals. CREST member companies are certified penetration testing organisations who fully meet these requirements, having been awarded the gold standard in penetration testing, building trusted relationships with their clients.” – CREST CREST-certified


What is a CREST-certified company?

July 24th, 2022

Every CREST member company is required to submit policies, processes and procedures relating to their service provision to CREST for assessment. Gaining and maintaining CREST certification is an ongoing process rather than a one-time step – member organisations are required to submit an application annually, with a full reassessment required every three years. Each CREST


Who is CREST?

July 24th, 2022

The Council for Registered Ethical Security Testers (CREST) is an international not-for-profit accreditation and certification body which represents and supports the technical information security market. CREST provides internationally recognised accreditation for organisations and professional level certification for individuals who provide penetration testing and other services such as cyber incident response, threat intelligence and Security Operations Centre (SOC)


Does your Pentest satisfy ‘x’ Compliance Requirements?

July 24th, 2022

A question we hear often is whether we can meet compliance requirements. While this certainly requires a deeper discussion, our testing is in compliance with multiple pentesting compliance standards including PCI, HIPAA, SOC2, and others. That said, each compliance standard is different. For example, CREST Approve pen testing requires specific tester qualifications. These requirements should be


How much of your Penetration Testing is Automated vs. Manual?

July 24th, 2022

A question not enough people ask is how much of the testing is automated vs. manual. While automated tools are a brief step early in our process, a large majority of our testing is manual. The amount of manual work varies project-to-project, but around 80% of the pentest is hands-on for large infrastructure pentests. For


How soon can you start on my project?

July 24th, 2022

We understand that clients often have hard deadlines that they’re trying to meet. Whether you’re trying to meet client requirements which rely on pentest results or have an annual requirement, we do our best to accommodate your timelines. Unfortunately, manual penetration testing takes some planning & preparation for our assessment team and our schedule can be


Should we fix all of the vulnerabilities that are reported?

July 24th, 2022

You should evaluate all of the vulnerabilities using a risk-based model first. Each vulnerability should be evaluated for business impact and probability of being exploited to ultimately assign a risk rating. Companies should have risk criteria defined in order to determine thresholds for remediation. Vulnerabilities above the threshold should be remediated or appropriately compensated for in order to bring them


We have our website hosted with a third party. Should we test it?

July 24th, 2022

Maybe – is anyone testing the third party already? The first thing to do is to find out if the third-party service provider is already having a reputable network penetration test provider review the website. If so, due diligence is needed to validate that the scope is appropriate, review the methodology, and understand if any key findings were observed.


How do we prepare for a penetration test?

July 24th, 2022

In general, there is no need for anything special to prepare for a penetration test with respect to how security controls are managed on a day-to-day basis. Remember that a penetration test is a point-in-time review of the environment. The test is going to assess the security posture at that particular point in time. If patches


How do we validate vulnerabilities have been remediated?

July 24th, 2022

Validating that vulnerabilities have been remediated can be performed using a variety of methods, either in-house or through external independent verification testing. Some organizations prefer to track remediation in-house and possess the resources to independently validate successful remediation; however, most seek independent validation and should have a remediation verification test performed. This is why it is critical
